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Appl. No, 09/693,605 

Amendment dated April 5, 2006 

Reply to Office Action of October 6, 2005 

Amfetidments to the Claims: 

This listing of claims will replace aU prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

Claim 1 (currently amended): A computer readable medium containing a database structure for 
storage of encrypted data, the database strucmi'e comprising: 

at least one data entity encrypted by at least one encryption key, the data entity having at 

least one searchable attribute; and 
at least one encryption key identification stored in association with the data entity and 

corresponding to the encryption key. 

Claim 2 (previously amended): The computer readable medium according to claim 1 wherein 
the at least one encryption key identification is encrypted by a system key, and the 
database structure further comprises a system key common name corresponding to the 
system key, the system key common name being stored in association with the data 
entity. 

Claim 3 (previously amended): The computer readable medium according to claim 2 wherein the 
system key common name is hashed, and the database structure further comprises the 
system key common name hash value stored in association with the system key common 
name. 

Claim 4 (original): The computer readable medium according to claim 3 wherein the system key 
common name and the system key conmion name hash value are stored on a separate 
database from the at least one data entity. 

Claim 5: (original): The computer readable medium according to claim 1 wherein the at least one 
encryption key identification is encrypted by a system key. 

Claim 6 (original): The computer readable medium according to claim 1 wherein the at least one 
encryption key comprises a dynamic encryption key, and the at least one encryption key 
identification comprises a dynamic encryption key identification. 
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Claim 7 (original): The computer readable medium according to claim 1 further comprising a 

plur^ity of data entities encrypted by a plurality of encryption keys, and a plurality of 

encryption key identifications. 
Claim 8 (original): The computer readable medium according to claim 7 wherein the plurality of 

encryption keys comprise dynamic encryption keys, and the plurality of encryption key 

identifications comprise dynamic encryption key identifications. 

Claim 9 (original): The computer readable medium according to claim 1 wherein the data 

structure further comprises a plurality of hash values with each of the searchable 

attributes having a corresponding hash value. 
Claim 10 (original): The computer readable medium according to cJaim 1 wherein the data 

structure further comprises at least one integrity attribute in association with the data 

entity. 

Claim 11 (original): The computer readable medium according to claim 1 wherein the data 
stmcmre further comprises a security key attribute of the data entity, the security key 
attribute including the at least one encryption key identification and a system key 
common name. 

Claim 12 (original); The computer readable medium according to claim 1 further comprising a 
first database including the data entity and encryption key identification stored thereon 
and a second database including the encryption key stored thereon. 

Claim 13 (original): The computer readable medium according to claim 12 wherein the first 
database further includes a system key conmion name stored thereon, and the system key 
common name corresponds to a system key used to encrypt the encryption key 
identification. 

Claim 14 (original): The computer readable medium according to claim 13 further comprising a 

security token including the system key stored thereon. 
Claim 15 (original): The computer readable medium according to claim 14 wherein the security 

token comprises a Smart Card reader. 

-5 WA 848487-1 
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Claim 16 (original): The computer readable medium according to claim 1 wherein the at least 
one encryption key identification is stored as an attribute of the data entity. 

Claim 17 (original); The computer readable medium according to claim 1 wherein the data entity 
comprises a data object having a plurality of attributes. 

Claim 18 (original): The computer readable medium according to claim 1 further comprising a 
second data entity including as attributes tiie encryption key and the encryption key 
identification. 

Claim 19 (original): The computer readable medium according to claim 18 wherein the second 

data entity is stored on a separate isolated database from the at least one data entity- 
Claim 20 (original): The computer readable medium according to claim 1 further comprising a 
second data entity encrypted by a second encryption key> the second data entity having a 
s^ond searchable attribute, and a second encryption key identification corresponding to 
the second encryption key; and wherein the at least one encryption key comprises a first 
encryption key and the at least one encryption key identification comprises a first 
encryption key identification. 
Claim 21 (original): The conaputer readable medium according to claim 20 wherein the second 
encryption key identification is stored as an attribute of the second data entity. 

Claim 22 (original): The computer readable medium according to claim 20 wherein the first and 
second encryption key identifications are encrypted by a system key having a system key 
common name. 

Claim 23 (original): The computer readable medium according to claim 22 wherein the system 
key comprises a public system key. 

Claim 24 (original); The computer readable medium according to claim 22 further comprising 
the system key common name stored as an attribute of the first and second data entities. 

Claim 25 (original); The computer readable medium according to claim 20 wherein tiie first 
encryption key identification is encrypted by a first system key, and the second 
encryption key identification is encrypted by a second system key. 

^ WA 848487.1 
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Claim 26 (original): The computer readable medium according to claim 20 wherein the first and 

second data entities contain information for an individual customer. 
Claim 27 (original): The computer readable medium according to claim 26 wherein the first data 

entity contains medical patient name information, and the second data entity contains 

medical patient address information. 
Claim 28 (currently amended): A computer readable data transmission medium containing a data 

structure for encrypted data, the data stmcture comprising: 

at least one data entity encrypted by at least one encryption key, the data entity having at 

least one searchable attribute; and 
at least one encryption key identification stored in association with the data entity and 

conesponding to the encryption key. 

Claims 29-39 (canceled). 

Claim 40 (original): A method for storage and retrieval of encrypted data, the method- 
comprising: 

encrypting a data entiiy with an encryption key having an encryption key identification; 
storing the data entity; and 

storing the encryption key identification in association with the data entity. 

Claim 41 (original): The method according to claim 40 further comprising: 
requesting a data manipulation using a searchable attribute; 
searching for matches to the searchable attribute; 

searching for the encryption key using the encryption key identification; and 
decrypting the data entity with the encryption key. 

Claim 42 (original): The method according to claim 41 wherein requesting the data manipulation 
comprises requesting a data update of new information, and further comprising 
encrypting the new information with a second encryption key. 

Claim 43 (original): The method according to claim 41 wherein requesting the data manipulation 
comprises requesting an addition of new information, and further comprising encrypting 
the new information with a second encryption key. 

< WA 84S487.2 
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Claim 44 (original):*The method according to claim 41 wherein requesting the data manipulation 

comprises i^uesting viewing of cmrent information* and further comprising encrypting 

the viewed information with a second encryption key 
Claim 45 (original): The method according to claim 40 further comprising encrypting the 

encryption key identification with a system key having a system key common name. 
Claim 46 (original): The method according to claim 45 further comprising storing the system key 

in a security token. 
Claim 47 (original): The method according to claim 45 further comprising: 

requesting a data manipulation using a searchable attribute; 

searching for matches to the searchable attribute; 

searching for the system key using the system key common name; 

decrypting the encryption Icey identification with the system key; 

searching for the encryption key using the encryption key identification; and 

decrypting the data entity vrith the encryption key. 

Claim 48 (original): The method according to claim 45 wherein encrypting the encryption key 

identification with a system key comprises encrypting the encryption key identification 

with a system public key. 
Claim 49 (original): The method according lo claim 48 further comprising decrypting the 

encryption key identification with a system private key. 
Claim 50 (original): The method according to claim 45 further comprising storing the system key 

common name in association with the data entity. 

Claim 51 (original): The method according to claim 45 farther comprising checking for 
expiration of the system key, and upon expiration of the system key, discontinuing use of 
the system key and generating and using a new system key. 

Claim 52 (original): The mediod acconiing to claim 51 further comprising upon expiration of the 
system key, retaining the system key for decrypting previously encrypted encryption key 
identifications. 

^ WA 648487, 1 
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Claim 53 (previously ainended): The method according to claim 40 further comprising 
encrypting the encryption key identification with a system key having a system key 
common name, hashing the system key common name to create a system key common 
name hash value, and storing the system Icey connmon name and system key common 
name hash value in association with the data entity. 

Claim 54 (previously amended): The method according to claim 53 further comprising: 
requesting a data manipulation using a searchable attribute; 
searching for matches to die searchable attribute; 

searching for the system key common name using the system key common name hash 
vfjue; 

searching for the system key using the system key common name; 
decrypting the encryption key identification with the system key; 

searching for the encryption key using the encryption key identification; and decrypting 
the data entity with the encryption key. 

Claim 55 (original): The method according to claim 53 further comprising verifying the system 
key with a private certificate authority, and performing an integrity check on the system 
key. 

Claim 56 (original): The method according to claim 40 further comprising checking the 
encryption key for expiration. 

Claim 57 (original): The method according to claim 56 further comprising upon expiration of the 
encryption key, generating a new encryption key having an expiration date, retrieving 
data entities using the encryption key, decrypting the retrieved data entities with the 
encryption key, encrypting the retrieved data entities with the new encryption key. storing 
the retrieved data entities. 

Claim 58 (previously amended): The method according to claim 40 further comprising hashing 
searchable attributes of the data entity to determine data entity attribute hash values and 
storing the data entity attribute hash values in association with the data entity. 
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Claim 59 (original): The method according to claim 58 farther comprising: 

requesting a data manipulation using a searchable attribute; 

hashing the searchable attribute to create a searchable attribute hash value; 

searching for matches to the searchable attribute hash value; 

searching for the encryption key using the encryption key identification; and 

after retrieving the encryption key, decrypting the data entity with the encryption key. 
Claim 60 (original): The method according to claim 40 further comprising transmitting the data 

entity over a data transmission line, and wherein encrypting the data entity comprises 

encrypting only a portion of the data entity in accordance with a business rule. 
Claim 61 (original): The method according to claim 40 fiorther comprising generating a new 

encryption key for each user session. 
Claim 62 (original): The method according to claim 40 further comprising generating a new 

encryption key for each user action. 
Claim 63 (original): The method according to claim 40 further comprising retrieving the 

encryption key from a separate database, and decrypting the data entity with the 

encryption key. 

Claim 64 (original): The method according to claim 40 further comprising auditing the 

encryption key for a desired event. 
Claim 65 (original): The method according to claim 40 wherein the data entity and encryption 

key identification are stored in a first database, and farther comprising storing the 

encryption key in a second database. 
Claim 66 (original): Tlie method according to claim 40 further comprising encrypting the 

encryption key identification with a system key having a system key common name, and 

maintaining the system key within a security domain at all times. 
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Claim 67 (original): The method according to claim 40 further comprising: 

requesting a data manipulation using a searchable attribute; 

searching for matches to the searchable attribute; 

searching for the encryption key using the encryption key identification; 

performing an integrity check on the encryption key; and 

decrypting the data entity with the encryption key. 

Claim 68 (original): A method for retrieval of encrypted data at rest* the method comprising: 

requesting a data manipulation using a searchable attribute; 
searching a plurality of data entities for matches to the searchable attribute; 
obtaining an encryption key identification from the data entities; 
searching for an encryption key using the encryption key identification; and 
decrypting the data entities with the encryption key. 

Claim 69 (previously amended); The method according to claim 68 further comprising: 
obtaining a system key common name from the data entities; 
seaiching for a system key using the system key common name; 
decrypting the encryption key identification with the system key; 

Claim 70 (original): A method for storage and retrieval of encrypted data, the method 
comprising: 

encrypting a plurality of data entities with a rotating and dynamic encryption key having 

an encryption key identification; 
storing the data entities; and 

creating and rotating to a new encryption key upon occurrence of a desired rotation event. 
Claim 71-97 (canceled). 
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Cluim 98 (original): A method of providing a secure environment for the storage of infonnation, 
the method comprising; 

encrypting a data entity with an encryption key having a randomly generated encryption 

Icey identification; 
storing the data entity; and 

storing the encryption key identification in association with the data entity. 
Claim 99 (original): The method according to claim 98 further comprising encrypting the 
encryption key identification with a system key having a system key common name. 

Claims 100-120 (canceled). 
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